royal | 383eb4802490f4ffd47f7918d5cd237e69deed15f0ce2aba761f7120d7481037

General

Target

f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
Size

2.9MB
MD5

df0b88dafe7a65295f99e69a67db9e1b
SHA1

db3163a09eb33ff4370ad162a05f4b2584a20456
SHA256

f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429
SHA512

2206969d222882dd8b7e3e5671311462266277d699e08e3016a7b3781b17390e8dd11956d8aaecae996a2c16227d7b2390eb84b9b8df26e39ffe8f38d5b76fbd
SSDEEP

49152:cDVwASOLGtlqrRIU6i9+vazNqQlJZP1BMU2thA8mNtNCiJlrRUFcJ7HIPcLzkw5c:wm+GaNqqJJ12vlZol8cJ7rc3

Score

10^/10

royal ransomware

Malware Config

Extracted

Path

C:\README.TXT

Family

royal

Ransom Note

Hello! If you are reading this, it means that your system were hit by Royal ransomware. Please contact us via : http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/12344567890987654321234567890987 In the meantime, let us explain this case.It may seem complicated, but it is not! Most likely what happened was that you decided to save some money on your security infrastructure. Alas, as a result your critical data was not only encrypted but also copied from your systems on a secure server. From there it can be published online.Then anyone on the internet from darknet criminals, ACLU journalists, Chinese government(different names for the same thing), and even your employees will be able to see your internal documentation: personal data, HR reviews, internal lawsuitsand complains, financial reports, accounting, intellectual property, and more! Fortunately we got you covered! Royal offers you a unique deal.For a modest royalty(got it; got it ? ) for our pentesting services we will not only provide you with an amazing risk mitigation service, covering you from reputational, legal, financial, regulatory, and insurance risks, but will also provide you with a security review for your systems. To put it simply, your files will be decrypted, your data restoredand kept confidential, and your systems will remain secure. Try Royal today and enter the new era of data security! We are looking to hearing from you soon!

URLs

http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/12344567890987654321234567890987

Signatures

Royal
Royal is a ransomware first seen in 2022.
ransomware royal
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Drops desktop.ini file(s) 3 IoCs

Processes:

f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe

description	ioc	process
File opened for modification	C:\Program Files\desktop.ini	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Users\Public\desktop.ini	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe

Drops file in Program Files directory 64 IoCs

Processes:

f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe

description	ioc	process
File opened for modification	C:\Program Files\PushCheckpoint.mht	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\DVD Maker\sonicsptransform.ax	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\Internet Explorer\Timeline.cpu.xml	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Reference Assemblies\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\CompleteGrant.wax	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Microsoft Games\Mahjong\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Uninstall Information\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\WatchResolve.mpa	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Internet Explorer\es-ES\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\RemoveCompress.vbs	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Common Files\SpeechEngines\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Internet Explorer\de-DE\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Internet Explorer\images\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Java\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\MountUninstall.vdw	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Microsoft Games\Solitaire\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\DVD Maker\offset.ax	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Adobe\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Microsoft Office\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\RepairLock.ppt	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\RequestAdd.mpe	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\SearchUnblock.xps	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Internet Explorer\en-US\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\SubmitPublish.mp3	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\DVD Maker\it-IT\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\DVD Maker\ja-JP\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\UnpublishUnblock.mpe	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Microsoft Games\More Games\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Microsoft Office\Office14\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\ConvertFromSend.ini	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\CopyImport.tif	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\ExportAdd.mpeg2	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Internet Explorer\SIGNUP\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\MSBuild\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Common Files\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\DVD Maker\audiodepthconverter.ax	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Common Files\System\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Internet Explorer\fr-FR\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Microsoft Synchronization Services\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Common Files\Microsoft Shared\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\MSBuild\Microsoft\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\ExportResolve.TS	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\SkipSelect.ps1xml	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\StartBackup.wma	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\RedoImport.ram	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\SplitConvert.odt	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File created	C:\Program Files\VideoLAN\README.TXT	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
File opened for modification	C:\Program Files\ImportRepair.fon	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe

Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

vssadmin.exe

pid process

1128 vssadmin.exe

pid	process
1128	vssadmin.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe

pid	process
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

vssvc.exe

description pid process

Token: SeBackupPrivilege 1316 vssvc.exe
Token: SeRestorePrivilege 1316 vssvc.exe
Token: SeAuditPrivilege 1316 vssvc.exe

description	pid	process
Token: SeBackupPrivilege	1316	vssvc.exe
Token: SeRestorePrivilege	1316	vssvc.exe
Token: SeAuditPrivilege	1316	vssvc.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe

description	pid	process	target process
PID 1356 wrote to memory of 1128	1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe	vssadmin.exe
PID 1356 wrote to memory of 1128	1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe	vssadmin.exe
PID 1356 wrote to memory of 1128	1356	f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe	vssadmin.exe

C:\Users\Admin\AppData\Local\Temp\f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe
C:\Users\Admin\AppData\Local\Temp\f484f919ba6e36ff33e4fb391b8859a94d89c172a465964f99d6113b55ced429.exe -path C:\ -id 12344567890987654321234567890987
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1356

C:\Windows\System32\vssadmin.exe
delete shadows /all /quiet
2⤵
- Interacts with shadow copies
PID:1128

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1316

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

2

T1107

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1128-54-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads